Developing for Splunk Enterprise

unable to execute python script thro inputs.conf

premranjithj
Builder

unable to execute python script , below is the inputs.conf and py script.

if i run the script from python interpreter , it gives output but not thro inputs.conf

@kamlesh_vaghela 

 

[script:///$SPLUNK_HOME/etc/apps/search/bin/dockesd.py]
disabled = false
host = host1
index = indx
interval = 30
source = Perform
sourcetype = Memory

 

 Script:

 

import os
os.system('docker container ls --format="{{json .}}"')

 

Labels (2)
0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

@premranjithj 

 

Can you please check your script by executing below command? Does it gives you expected OP or any error.

 

 

./splunk cmd python /opt/splunk/etc/apps/search/bin/dockesd.py

 

0 Karma

premranjithj
Builder

@kamlesh_vaghela  @richgalloway 

after executing ./splunk cmd.

i am getting below warning message with output.

/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py:47: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in a future release.
from cryptography import x509
IMAGE,CONTAINER ID,COMMAND,CREATED AT,STATUS,PORTS,NAMES
thomsch98/kafdrop:latest,8c0e092b6815,"/usr/local/bin/mvn-…",2021-03-26 18:29:56 -0400 EDT,Up 4 days,,PAServices_kafdrop.1.yen4hgju18kkfgq9bvud7e1w8
143.22.167.109:5000/help-documentation-app:0.1.13,93201914aec5,"httpd-foreground",2021-03-25 15:39:55 -0400 EDT,Up 5 days,80/tcp,PAContainer_helpservice.1.r3b5796b5jm8x5sxu4iec1br6

0 Karma

richgalloway
SplunkTrust
SplunkTrust

What does "unable to execute mean"?  What errors does Splunk log for the input?

Does os.system write to stdout?  If not, then Splunk will not index anything.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

premranjithj
Builder

@richgalloway even after printing output. i dont see ouput indexing into splunk. if i use plain shell script its indexing data

import commands
output = commands.getstatusoutput('docker ps --format "table {{ .Image }},{{.ID}},{{.Command}},{{.CreatedAt }},{{.Status }},{{.Ports }},{{.Names}}"')
print(output) 

  

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Again I ask what error(s) is Splunk reporting?

Please tell us how you told Splunk to run this script.

---
If this reply helps you, an upvote would be appreciated.
0 Karma